Skills
skills/openclaw/skills/ERC-8004 Agent Discovery/Snyk

ERC-8004 Agent Discovery

Warn

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches public, user-generated agent records from the Agentscan API (https://agentscan.info/api/agents) and explicitly fetches/decodes arbitrary metadata_uri values (data: base64, ipfs:// via https://ipfs.io, and http(s) URLs) in decode_metadata_uri, meaning untrusted third‑party content is ingested and displayed as part of its workflows.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 14, 2026, 06:02 PM